10 Vendors Working to Secure Containers From Modern Threats

Security is top of mind in nearly every sector of technology today, and that includes containers. One of the early promises of containers is that they offer a more agile method of application deployment, with multiple native security capabilities inherited from Linux. The native security features of containers, however, might not be enough to stop all modern threats, which is why a number of vendors are offering different types of container security services. Among the vendors is container market leader Docker Inc., which has several open-source efforts that aim to advance security. Rival container vendor CoreOS is also active in the security space with its Clair vulnerability static analysis tool for containers. In this slide show, eWEEK takes a look at 10 vendors that are providing container security technology and services.

Docker has a number of open-source container projects focused on security. Among them is Nautilus, which is commercially known as Docker Security Scanning, providing container application analysis for vulnerabilities.

Docker’s rival CoreOS also has a container image scanning capability with its Clair project.

Aqua Security updated its container security product in February with a new release that helps to segment application container traffic and adds new support for secrets management.

Twistlock updated its namesake container security platform earlier this month with new Compliance Explorer and Runtime Radar features, helping organizations better understand and control container deployments.

The Anchore open-source project provides container image analysis and security policy capabilities that can be used as part of continuous deployment and integration pipelines.

NeuVector provides application-aware network container security to help detect runtime threats against container applications.

Aporeto leads the open-source Trireme project for container security. The Trireme project is an attempt to build a new type of security system for Kubernetes and Docker that relies on authentication and authorization, rather than just network isolation.

Tenable Network Security acquired container security vendor FlawCheck in October 2016 and in January embedded its container scanning capabilities in the tenable.io service. The container security capability in tenable.io scans applications for known vulnerabilities in containers.

Black Duck provides container scanning capabilities that can help identify vulnerable and outdated software components.

Capsule8 is still in its stealth mode and has yet to officially release its container security product. In a video interview with eWEEK earlier this month, co-founder Dino Dai Zovi said his firm is building a container-aware, real-time threat protection platform for Linux-based production environments.